programming4us
           
 
 

SQL Server 2008: Security and User Administration - Managing Permissions

10/17/2010 6:12:13 PM
Database security is mainly about managing permissions. Permissions are the security mechanisms that tie principals (for example, logins) to securables (for example, tables). With SQL Server 2008, permissions can be applied at a granular level that provides a great deal of flexibility and control.

Permissions in SQL Server 2008 revolve around three commands: GRANT, REVOKE, and DENY. These three commands were also used in SQL Server 2005 and SQL Server 2000. When permission is granted, the user or role is given permission to perform an action, such as creating a table. The DENY statement denies permission on an object and prevents the principal from gaining GRANT permission based on membership in a group or role. The REVOKE statement removes a permission that was previously granted or denied.

When specifying permissions, you need to carefully consider the hierarchy that exists between GRANT, REVOKE, and DENY. This is particularly important when the principal (for example, user or login) is part of a group or role and permissions have been granted on securables at different scopes of the security model. Following are some examples of the precedence that exists between these statements:

  • A GRANT of a permission removes any REVOKE or DENY on a securable. For example, if a table has SELECT permission denied on it and then the SELECT permission is granted, the DENY permission is then removed on that table.

  • DENY and REVOKE remove any GRANT permission on a securable.

  • REVOKE removes any GRANT or DENY permission on a securable.

  • Permissions denied at a higher scope in the security model override grants on that permission at a lower scope. Keep in mind that the security model has the server scope at the highest level, followed by database and schema. So, if INSERT permission is denied on tables at the database level, and INSERT on a specific table in that database is granted at the schema level, the result is that INSERT is denied on all tables. In this example, a database-level DENY overrides any GRANT at the lower schema level.

  • Permissions granted at a higher scope in the security model are overridden by a DENY permission at a lower level. For example, if INSERT permission is granted on all tables at the database scope, and INSERT is denied on a specific table in the database (schema scope), INSERT is then denied on that specific table.
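
The precedence rules in the list above can be checked on a scratch database. The following T-SQL is an added example, not code from the original article; DemoUser, dbo.Orders and dbo.Customers are hypothetical names, and it assumes you run it as a database owner in a throwaway database.

```sql
-- Added example. DemoUser, dbo.Orders and dbo.Customers are hypothetical names.
-- Run as a database owner in a scratch database (SSMS or sqlcmd; GO ends a batch).
CREATE USER DemoUser WITHOUT LOGIN;
CREATE TABLE dbo.Orders    (OrderID    int NOT NULL);
CREATE TABLE dbo.Customers (CustomerID int NOT NULL);
GO

-- Case 1: GRANT at database scope, DENY on one table at a lower scope.
-- Rule under test: the lower-level DENY overrides the higher-level GRANT
-- for dbo.Orders only.
GRANT INSERT TO DemoUser;
DENY  INSERT ON OBJECT::dbo.Orders TO DemoUser;

EXECUTE AS USER = 'DemoUser';
SELECT 'case 1' AS test_case,
       HAS_PERMS_BY_NAME('dbo.Orders',    'OBJECT', 'INSERT') AS can_insert_orders,
       HAS_PERMS_BY_NAME('dbo.Customers', 'OBJECT', 'INSERT') AS can_insert_customers;
REVERT;

-- REVOKE clears both the GRANT and the DENY, returning to a clean state.
REVOKE INSERT FROM DemoUser;
REVOKE INSERT ON OBJECT::dbo.Orders FROM DemoUser;

-- Case 2: DENY at database scope, GRANT on one table at a lower scope.
-- Rule under test: the higher-level DENY overrides the lower-level GRANT.
DENY  INSERT TO DemoUser;
GRANT INSERT ON OBJECT::dbo.Orders TO DemoUser;

EXECUTE AS USER = 'DemoUser';
SELECT 'case 2' AS test_case,
       HAS_PERMS_BY_NAME('dbo.Orders',    'OBJECT', 'INSERT') AS can_insert_orders,
       HAS_PERMS_BY_NAME('dbo.Customers', 'OBJECT', 'INSERT') AS can_insert_customers;
REVERT;

-- Case 3: DENY then GRANT on the same securable. The catalog view shows which
-- state is stored for SELECT on dbo.Orders after the GRANT.
DENY  SELECT ON OBJECT::dbo.Orders TO DemoUser;
GRANT SELECT ON OBJECT::dbo.Orders TO DemoUser;

SELECT permission_name, state_desc, class_desc, OBJECT_NAME(major_id) AS securable_object
FROM sys.database_permissions
WHERE grantee_principal_id = DATABASE_PRINCIPAL_ID('DemoUser')
ORDER BY class_desc, permission_name;

-- Clean up the scratch objects.
DROP TABLE dbo.Orders;
DROP TABLE dbo.Customers;
DROP USER DemoUser;
```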

The assignment of a permission includes the GRANT, DENY, or REVOKE statements plus the permission that these statements affect. The number of available permissions increased in SQL Server 2005 and has been carried forward to SQL Server 2008. Familiar permissions such as EXECUTE, INSERT, and SELECT that were available in SQL Server 2000 are still around, plus the new permissions that were added in SQL Server 2005. Following are some of the new types that were added in SQL Server 2005:

  • CONTROL— This type confers all defined permissions on the securable. This ownership-like capability also cascades to any lower-level objects in the security hierarchy.

  • ALTER— This type confers the capability to change the securable’s properties but does not include the capability to make ownership changes. If ALTER is applied on a scope such as a database or a schema, the capability to use ALTER, CREATE, or DROP on any object in the scope is allocated as well.

  • IMPERSONATE— This type allows the principal to impersonate another user or login.

  • VIEW DEFINITION— This type allows access to SQL Server metadata. Access to this metadata is not granted by default in SQL Server 2008; therefore, the VIEW DEFINITION permission was added to manage access.

The combination of available permissions and the securables that they can be applied to is extensive. The permissions that are applicable depend on the particular securable. SQL Server Books Online lists the permissions for specific securables. You can use the index feature at Books Online to look for “permissions [SQL Server].”

You can also view the available permissions by using system functions and catalog views. The following example uses the sys.fn_builtin_permissions function to retrieve a partial listing of all the available permissions:

SELECT TOP 5 class_desc, permission_name, parent_class_desc
FROM sys.fn_builtin_permissions(DEFAULT)
ORDER BY 1, 2
/* Results from previous query
class_desc        permission_name  parent_class_desc
----------------  ---------------  -----------------
APPLICATION ROLE  ALTER            DATABASE
APPLICATION ROLE  CONTROL          DATABASE
APPLICATION ROLE  VIEW DEFINITION  DATABASE
ASSEMBLY          ALTER            DATABASE
ASSEMBLY          CONTROL          DATABASE
*/

The granularity with which permissions can be applied with SQL Server 2008 is impressive and, to some degree, challenging. When you look at all the available permissions, you will see that some planning is needed to manage them. In the past, fixed database roles were simple to use but in many cases provided permissions that went beyond what the user needed. Microsoft has supplied the tools to facilitate the concept of “least privileges,” which means providing only the privileges that are needed and nothing more.
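
One way to start a least-privilege review with the catalog views mentioned earlier, as an added example that is not from the original article: the first query lists explicit grants of the broad permission types described above (CONTROL, ALTER, IMPERSONATE), and the second lists members of fixed database roles. It assumes you run it in the database under review with rights to see its permission metadata.

```sql
-- Added example: review queries for the current database.
-- Query 1: explicit grants of broad permission types (CONTROL, ALTER, IMPERSONATE).
SELECT pr.name        AS principal_name,
       pr.type_desc   AS principal_type,
       pe.state_desc  AS permission_state,   -- GRANT or GRANT_WITH_GRANT_OPTION
       pe.permission_name,
       pe.class_desc  AS securable_class,
       CASE pe.class_desc
            WHEN 'DATABASE'           THEN DB_NAME()
            WHEN 'SCHEMA'             THEN SCHEMA_NAME(pe.major_id)
            WHEN 'OBJECT_OR_COLUMN'   THEN OBJECT_SCHEMA_NAME(pe.major_id)
                                           + '.' + OBJECT_NAME(pe.major_id)
            WHEN 'DATABASE_PRINCIPAL' THEN USER_NAME(pe.major_id)
            ELSE CAST(pe.major_id AS nvarchar(20))   -- other classes: raw id
       END            AS securable_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
     ON pr.principal_id = pe.grantee_principal_id
WHERE pe.state IN ('G', 'W')                 -- granted, or granted WITH GRANT OPTION
  AND pe.permission_name IN ('CONTROL', 'ALTER', 'IMPERSONATE')
ORDER BY pe.class_desc, pr.name, pe.permission_name;

-- Query 2: members of fixed database roles, which often carry more
-- permissions than the member actually needs.
SELECT r.name      AS fixed_role,
       m.name      AS member_name,
       m.type_desc AS member_type
FROM sys.database_role_members AS rm
JOIN sys.database_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.is_fixed_role = 1
ORDER BY r.name, m.name;
```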
